Mission
Assure that only the right people and entities have the right access at the right time to enable the organization to securely reach its goals.
Responsibilities
Responsibility | Category |
---|---|
Assess existing IAM capabilities, develop a risk-based IAM strategic roadmap aligned with the organization's goals and obtain top management sponsorship for it | GOVERNANCE |
Embrace Identity and Access Management holistically including Workforce IAM, 3rd Party IAM, Client IAM, Object IAM, Technical IAM or PAM and Physical Access | GOVERNANCE |
Assure that the IAM function and program are supervised by adequate governing bodies | GOVERNANCE |
Design and implement IAM policies that establish clear requirements and accountability for IAM topics | GOVERNANCE |
Develop an IAM technological roadmap to sustain the organization's digital transformation | GOVERNANCE |
Find, recruit, train and develop IAM talents | GOVERNANCE |
Design and implement an authorization process that assures the legitimacy and appropriateness of access permissions | GOVERNANCE |
Assure coverage of IAM processes over the information system by dynamically integrating IT Asset Management inventories | IDENTIFY |
Identify and analyze IAM-related risks in alignment with the organization's risk management framework | IDENTIFY |
Conduct regulatory and industrial watch to identify regulatory, contractual and industrial requirements and best practices | IDENTIFY |
Facilitate and provide evidence for internal and external audits on IAM-related topics and manage related findings and recommendations | IDENTIFY |
Embed IAM requirements by design in the SDLC, Project, and Change Management processes | IDENTIFY |
Assure adequate traceability in IAM processes to fulfill compliance and security requirements | IDENTIFY |
Reconcile systems with authorizations to identify and act upon anomalous identities and accesses | IDENTIFY |
Use data analytics to identify and respond to anomalous identities, accesses, and behaviors | IDENTIFY |
Effectively implement IAM remediation plans to mitigate IAM-related risks | PROTECT |
Assure identity proofing and XXX | PROTECT |
Implement role-based and other access control models to assure least privilege and its specialized form, need-to-know | PROTECT |
Design, implement, and execute IAM controls to efficiently and effectively assure compliance with regulatory, contractual and industrial best practice requirements | PROTECT |
Home office and remote access | PROTECT |
Privileged and technical access management | PROTECT |
Off-boarding and security | PROTECT |
Mitigate fraud and accidents by deploying SoD and toxic rights controls | PROTECT |
Deploy authentication mechanisms whose robustness is commensurate with risk | PROTECT |
Clean the information system of orphaned accounts | PROTECT |
Recertification | PROTECT |
Remediate anomalous identities and accesses | PROTECT |
Define and implement a password and secrets management policy | PROTECT |
Federation with 3rd parties | PROTECT |